Hack-Jutsu 101
by Demetris Papapetrou
Page 2
Introduction
What does Jutsu mean?
• It is the Japanese word for Technique / Skill
Hack Jutsu 101 means
• Introduction to Hacking Techniques
A Demonstration?
• Risky Undertaking
• Many things can go wrong
• Easier for the audience to understand the impact of hacker attacks
Page 3
Common Defense Claims
We are very secure. We have a firewall deployed and therefore we are impenetrable!!! No one can get in!!!
We have the best antivirus and/or anti-spyware software installed and hence malicious programs cannot run on our systems!!!
Who cares about us?
Page 4
What Ethical Hacking isn’t
It is not a fool-proof solution.
• It cannot detect all your vulnerabilities / weaknesses
• It is as good as the Pentester/Hacker performing it
• It is limited by many factors (e.g. scope, deadlines)
It is not a Nessus scan!!!
It is not a Metasploit autopwn attack!!!
Page 5
What Ethical Hacking is
It is about gathering and analyzing information, understanding how things work and combining everything together in very creative ways with the intent to bypass security controls.
It is about thinking what others haven’t thought about (e.g. a programmer, a web developer).
It is about thinking outside the box on an everyday basis!!!
And it provides a realistic view of an organization’s security posture.
Page 6
Network Penetration Testing
Page 7
Network Pentesting Demo
Systems involved.
• MS Windows XP SP3, w/ Firewall, w/ Antivirus
• MS Windows 7, w/ Firewall, w/o Antivirus
Why not use Server versions of MS Windows?
• Low budget
• The security architecture is very similar between Server and Workstation versions (e.g. DEP, ASLR)
Page 8
Network Pentesting Demo
Page 9
Network Pentesting Demo
Page 10
DEMO
Page 11
Network Pentesting Demo
Page 12
Network Pentesting Demo
Page 13
Network Pentesting Demo
Page 14
Password Best Practices
Passwords should be at least eight (8) characters long
Passwords should meet complexity requirements.
However… the victim’s password was fourteen (14) characters long, met the MS Windows password complexity requirements…
…But we managed to crack it in 2 minutes.
WHY?… Because it was stored as LM Hash.
Page 15
LM Hash Generation
The slide's diagram, as text: the password V3ryS3curePa55 is converted to upper case (V3RYS3CUREPA55), split into two 7-character halves (V3RYS3C and UREPA55), each half is hashed separately (1122AABBCCDDEEFF and 33445566AABBCCDD in the slide's illustration), and the two results are concatenated into the stored LM hash 1122AABBCCDDEEFF33445566AABBCCDD.
Page 16
Password Best Practices
NTLM is stronger than LM.
NTLM does not suffer from the same weakness as LM does (i.e. password splitting and hash concatenation).
Hence eight (8) character long complex passwords are secure if LM is disabled. Right?
WRONG!!!
Page 17
Password Best Practices
Change your password policy!!!
Passwords must be at least nine (9) characters long…
…for now!!!
This applies to unsalted MD5 hashes as well.
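An added audit script (not from the deck) that applies pages 14 to 17 to a pwdump-style export: it flags accounts that still store an LM hash, uses the well-known LM hash of an empty 7-byte half to spot passwords of 7 characters or fewer, and compares the work needed per LM half with an 8- and a 9-character NTLM password. The sample lines and their non-empty hash values are constructed.

```python
import math
import re

# Constants fixed by the LM/NT algorithms themselves (not page-specific values).
EMPTY_LM_HALF = "AAD3B435B51404EE"  # LM hash of an all-null 7-byte half (no characters)
EMPTY_LM_HASH = EMPTY_LM_HALF * 2   # stored when LM hashing is disabled or the password is empty
EMPTY_NT_HASH = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of the empty password

# Constructed pwdump-style sample (user:rid:lmhash:nthash:::); hash values are placeholders,
# except for the empty-password / disabled-LM constants above.
SAMPLE_DUMP = """\
alice:1001:1122AABBCCDDEEFF33445566AABBCCDD:A1B2C3D4E5F60718293A4B5C6D7E8F90:::
bob:1002:1122AABBCCDDEEFFAAD3B435B51404EE:0F1E2D3C4B5A69788796A5B4C3D2E1F0:::
carol:1003:AAD3B435B51404EEAAD3B435B51404EE:FEDCBA9876543210FEDCBA9876543210:::
guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
"""

LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9A-Fa-f]{32}):([0-9A-Fa-f]{32}):::$")

def audit_dump(dump: str) -> dict:
    """Map each weak account to a finding; an account with LM disabled and a
    non-empty NT hash produces no finding (that is what the deck recommends)."""
    findings = {}
    for line in dump.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        user, _rid, lm, nt = m.groups()
        lm, nt = lm.upper(), nt.upper()
        if nt == EMPTY_NT_HASH:
            findings[user] = "empty password"
        elif lm == EMPTY_LM_HASH:
            continue
        elif lm[16:] == EMPTY_LM_HALF:
            findings[user] = "LM hash stored; password is 7 characters or shorter"
        else:
            findings[user] = "LM hash stored; 8-14 chars cracked as two 7-char halves"
    return findings

def lm_half_keyspace_bits(alphabet_size: int = 69) -> float:
    """Work per LM half: 7 case-folded characters. 69 = 26 letters + 10 digits
    + 33 symbols (space included) once lower case is folded to upper case."""
    return 7 * math.log2(alphabet_size)

def ntlm_keyspace_bits(length: int, alphabet_size: int = 95) -> float:
    """Work for a case-sensitive printable-ASCII NTLM password of the given length."""
    return length * math.log2(alphabet_size)
```

Each LM half is under 43 bits of work regardless of password length, which is why the 14-character password on page 14 fell in minutes; a 9-character NTLM password is over 59 bits, matching the "nine characters, for now" advice.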
Page 18
Cross-Site Request Forgery
Page 19
Cross-Site Request Forgery
An attacker tricks the victim into performing an undesired function, without his/her knowledge (e.g. change password, transfer money)
Requirements:
• The target Web App needs to be vulnerable to CSRF. The requested URL is always the same and does not change over time or per request.
• The victim has authorized access to the URL (i.e. it is already authenticated).
Page 20
Cross-Site Request Forgery
Diagram of the attack flow (text recovered from the slide):
1. GET page (the victim's browser fetches a page from the attacker's site)
2. "Here you go. But you need this as well: www.ebank.com/transfer.php" (the page embeds the bank's transfer URL)
3. Sent instruction to transfer money (the victim's browser requests the bank URL with the victim's session)
Page 21
Cross-Site Request Forgery
Attacks through HTTP GET Requests are usually easy to perform.
Attacks through HTTP POST Requests are harder to perform but still possible.
• Need some XSS and a bit of AJAX
• Need to bypass browser Same Origin Policy (SOP)
Attacks can utilize UPnP. No authentication required!!!
Attacks against DSL routers may have devastating effects (e.g. change primary DNS, port forward, proxy).
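As an added example (not the deck's demo code), the transfer step from the page 20 diagram modelled in Python: the vulnerable handler accepts the fixed request any third-party page can trigger, while the hardened handler requires a per-session anti-CSRF token, which removes the "requested URL is always the same" precondition from page 19. The Session class, handler names and parameter names are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Session:
    """Constructed stand-in for an authenticated bank session (not the deck's demo app)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

def transfer_vulnerable(session: Session, params: dict) -> str:
    """Page 19's precondition: the request never changes, so any page that makes the
    victim's browser send it succeeds, because the browser attaches the session cookie."""
    return f"transferred {params['amount']} from {session.user} to {params['to']}"

def transfer_protected(session: Session, params: dict) -> str:
    """Hardened form: the request must also carry a secret bound to the session.
    Other origins cannot read it (the Same Origin Policy page 21 mentions), so a
    forged request either lacks it or carries a guess."""
    token = params.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return "rejected: missing or invalid CSRF token"
    return transfer_vulnerable(session, params)

def forged_request() -> dict:
    """What a third-party page can cause the browser to send: fixed parameters only."""
    return {"to": "attacker-account", "amount": "1000"}

def legitimate_request(session: Session) -> dict:
    """What the bank's own transfer form submits: the parameters plus the session token."""
    return {"to": "savings", "amount": "50", "csrf_token": session.csrf_token}
```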
Page 22
DEMO
Page 23
Client-Side Attacks
Page 24
Client-Side Attacks
They exploit applications installed on the user's workstation, or the user himself/herself.
They are the new type of remote attacks.
They are massively exploited.
They target the low-hanging fruit: the users.
They bypass firewalls and other infrastructure security systems.
Attackers only need to succeed once.
Page 25
Client-Side Attacks
Why target the users?
• They have unrestricted access to the corporate network
• There is a large number of security-unaware users
• User workstations are not monitored that well
• There are a lot of unpatched 3rd party applications installed on user workstations
• It is much easier than penetrating the firewall
Victims can be contacted via email, Facebook, Google Ads, posters, etc.
Page 26
DEMO
Page 27
Conclusion
Improving your organization’s security posture is not an easy task. It goes beyond security policies and procedures.
Your security posture is as strong as the skills of your InfoSec Team (incl. your consultants, etc.).
So choose them wisely!!!
But the most important question still remains…
Page 28
Conclusion
How can you tell who has got the necessary skills since you don't have those skills yourselves?
Page 29
We would be happy to help.
Do You Have Any Questions?
Page 30
The presentation was performed by Demetris Papapetrou
Many thanks go to QSecure for their contribution!!!
Page 31
Inaccuracies
If a stateful firewall device was deployed, then Idle scanning could not be performed between the two victim hosts.
If the XP machine was behind a NAT device, then TCP port 23 wouldn't be reachable from the Internet.
The xp_cmdshell stored procedure is not enabled by default on MS SQL Server 2005. It needs to be enabled by a sys admin.